The judge in the $1.9 billion civil suit between Waymo and Uber released the letter of a disgruntled former employee on Friday, laying bare a number of explosive allegations against the ride-hailing company that include corporate espionage, unlawful surveillance, illegal wiretapping, bribery of foreign officials, and illicit hacking. That document also says that former Uber CEO Travis Kalanick, who was ousted in June, directly received stolen trade secrets.

That 37-page letter, penned by former Uber employee Ric Jacobs and sent to the company in May, became the center of a fierce debate between Waymo, the self-driving car unit of Google's parent company Alphabet, and Uber, which did not previously disclose the document to Judge William Alsup. In turn, the federal district judge excoriated Uber’s lawyers in pre-trial hearings in November and suggested that they were attempting to hide something from the court.

Alsup only recently found out about the letter, after a US attorney investigating Uber for a potential federal case forwarded it to him. The document caused the judge to delay jury selection and the trial until the new year so that the plaintiffs could review the new evidence.

The letter, available in full to the public for the first time on Friday, contains allegations that could dramatically affect the outcome of Waymo’s case against Uber, and completely shatter the San Francisco-based company’s already frail reputation after a year of scandals. Crucially, it includes a claim that collections of stolen trade secret data were delivered directly to former CEO Travis Kalanick, though it's unclear if that information was related to Waymo.

“While we haven’t substantiated all the claims in this letter — and, importantly, any related to Waymo — our new leadership has made clear that going forward we will compete honestly and fairly, on the strength of our ideas and technology,” an Uber spokesperson said in a statement.

A spokesperson for Kalanick declined to comment.

In testimony last month, Jacobs walked back on some of the claims in his letter, noting that it was written by his lawyer and that he did not review it in full before it was sent.

Jacobs, who now lives in Seattle, left Uber in April after he was allegedly caught trying to download internal documents with the intention of making them public. After his departure, his lawyer sent Uber’s deputy general counsel Angela Padilla the letter detailing what he perceived to be illegal behavior inside the company. During her testimony last month, Padilla called Jacobs’ demands at the time “extortionate,” though Alsup questioned why a company would pay anyone millions of dollars to simply make claims go away.

Uber ultimately paid Jacobs $4.5 million in cash and stock in exchange for agreeing not to disparage it in public — though that did not prevent him from testifying — and for his help in resolving the security issues he outlined in his letter. According to his testimony, Jacobs’ settlement prevents him from disparaging Uber in public, though it does not stop him from telling the truth in a court setting. Jacobs remains a consultant for Uber.

Jacobs and his lawyer Clayton Halunen, who received an additional $3 million as part of the settlement, did not immediately respond to request for comment. Halunen previously told BuzzFeed News that Padilla’s testimony about his client was “outrageous and possibly defamatory,” and that the settlement he received was standard per the 40% cut he takes from all contingency cases.

Below are some of the most contentious allegations in that document, some of which have already been discussed at length in November’s hearings:

That “not only was Uber able to obtain trade secrets, but used the data it obtained to inflate the ultimate valuation of Uber.”

“Uber's Marketplace Analytics (MA) team, exists expressly for the purpose of acquiring trade secrets, codebase, and competitive intelligence- including deriving key business metrics of supply, demand, and the function of applications-from major ridesharing competitors globally.”

In January 2017, a person “contacted Jacobs on Wickr and advised they 'had a bug in a meeting with transport regulators," and that they ‘needed help cleaning up the audio.’ Jacobs immediately contacted Craig Clark, Uber's then-legal director for threat operations, and informed him of the unlawful request. Clark instructed Jacobs to tell the city team that Uber did not have the technical capabilities to assist, encourage them not to transmit the audio, and convince them to ‘make it go away’.”

“Jacobs reasonably believed that bribery of foreign officials was taking place”, but the names of the places where he thought this was happening were redacted.

Uber “used undercover agents to collect intelligence against the taxi groups and local political figures. The agents took rides in local taxis, loitered around locations where taxi drivers congregated, and leveraged a local network of contacts with connections to police and regulatory authorities.”

Uber "collected details on [redacted], including: information on these firms' connections to political and regulatory officials, their data sharing agreement and connection to the [redacted], their efforts to replace Uber in [redacted], and their investments in the taxi sector in [redacted]. These facts demonstrate that vendors, directed by Uber employees, conducted foreign espionage against a sovereign nation despite Jacobs's objections.

Jacobs felt the things Uber was doing overseas “needlessly exposed Uber and its employees to severe risk — including the likely termination of Uber's operations and possible imprisonment of its employees — should capable security services in many overseas locations discover Uber's espionage.”

Jacobs wanted to create a “secure and encrypted database to ensure confidentiality and presented a draft proposal” to his managers. However, “discussions broke down immediately as the group objected to preserving any intelligence that would make preservation and legal discovery a simple process for future litigants.”

“Jacobs questioned the legality of collecting intelligence necessary for the analysis, which targeted politicians, regulators, and taxi union officials."

“In January 2017, Jacobs informed Clark, as discussed above, that a [redacted] team member had illegally bugged a meeting. Clark did nothing.”

In February, Jacobs was demoted without warning, which he felt was a direct response to his unwillingness to engage in illegal activity.

"Since his termination, Jacobs has learned that, rather than conduct a legitimate investigation, CEO Travis Kalanick informed several of the implicated parties about Jacobs' claims prior to any legitimate investigation. This is largely the reason that Jacobs does not feel Uber has acted in good faith, and why he does not wish to sit down for a formal interview.”

Uber may have improperly recorded a phone call with employees "following allegations of of sexual harassment by a former Uber employee. Uber did not tell the participants that the call was being recorded and accordingly had not received permission from the call participants to record it, as required by California law."

Uber hired at least one CIA-trained contractor to collect "mobile-phone metadata either directly through signal-intercept equipment, hacked mobile devices, or through the mobile network itself. The information eventually shared with Jacobs and others included call logs, with time and date of communications, communicants' phone numbers, call durations, and the identification of the mobile phone subscribers."

Uber accessed a protected computer database to lure drivers away to work for the company even though "the database was protected by 'Captcha' to prevent the sort of automated downloading that Uber's MA team intended to carry out. MA was ultimately successful in hacking the system and obtaining the driver database. Because Uber knowingly accessed a protected computer in order to fraudulently capture its valuable contents to gain a competitive advantage, the hack violates the [Computer Fraud and Abuse Act], as well as California Penal Code Section 502."

When asked last month by Waymo’s lawyer on whether he was aware of a unit within Uber stealing trade secrets, something he outlined in his lawyer’s letter, Jacobs distanced himself the claims. “I don’t stand by that statement,” Jacobs testified when asked about a passage in the letter that discussed an Uber employee recruiting job candidates with sensitive information from competitors. A lawyer for Jacobs also filed a motion last month in an attempt to prevent the letter from being viewed by the general public.

“There's hyperbolic language in here or things that I would not have stated in the same manner, but… I did not write the letter,” Jacobs said in court, placing the responsibility for the document on his previous lawyer, Halunen.

In a November 29 email to employees, Uber CEO Dara Khosrowshahi wrote, “With regard to the allegations outlined in Ric Jacobs’ letter, I can tell you that we have not been able to substantiate every one of his claims, including any related to Waymo. But I will also say that there is more than enough there to merit serious concern.”

A lawyer for Clark, who was fired from the company last month for his role in covering up an October 2016 incident in which Uber was hacked, also denied that his client did anything wrong.

"He has never been allowed to see Mr. Jacobs’ letter and looks forward to addressing it at the appropriate time," Mark Howitson, Clark's attorney, said in a statement. "Mr. Jacobs' testimony on the content of his letter speaks for itself."

Also on Friday, a court administrator issued an opinion on the matter of the Jacobs letter, stating that Uber knew of the letter’s existence and should have released it as part of the previous discovery process.

“The facts in this case suggest that Ms. Padilla knew of the Jacobs Letter at the time Uber had to respond to discovery requests calling for its production — it certainly was ‘reasonably accessible’,” the filing reads. “Mr. Jacobs’ correspondence alleged systemic, institutionalized, and criminal efforts by Uber to conceal evidence and steal trade secrets…”

Alsup can now respond to this finding, and could potentially choose to sanction Uber’s legal team for its failure to produce the document.

Ryan Mac is a senior tech reporter for BuzzFeed News and is based in San Francisco.

Share on Twitter
Share on Twitter
Twitter
Share on Facebook
Share on Facebook
Facebook
Share on System
Share on System
System

We value your privacy

We and our partners use technology such as cookies on our site to personalize content and ads, provide social media features, and analyze our traffic. Click below to consent to the use of this technology across the web. You can change your mind and change your consent choices at anytime by returning to this site.

BuzzFeed

Information storage and access

The storage of information, or access to information that is already stored, on your device such as advertising identifiers, device identifiers, cookies, and similar technologies.

Personalisation

The collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as on other websites or apps, over time. Typically, the content of the site or app is used to make inferences about your interests, which inform future selection of advertising and/or content.

Ad selection, delivery, reporting

The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as websites or apps, over time.

Content selection, delivery, reporting

The collection of information, and combination with previously collected information, to select and deliver content for you, and to measure the delivery and effectiveness of such content. This includes using previously collected information about your interests to select content, processing data about what content was shown, how often or how long it was shown, when and where it was shown, and whether the you took any action related to the content, including for example clicking on content. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise content and/or advertising for you in other contexts, such as websites or apps, over time.

Third-party vendors

Information storage and access

The storage of information, or access to information that is already stored, on your device such as advertising identifiers, device identifiers, cookies, and similar technologies.

View CompaniesHide Companies

Company

Lotame Solutions, Inc.

OpenX Software Ltd. and its affiliates

The Rubicon Project, Limited

Index Exchange, Inc.

comScore, Inc.

DoubleVerify Inc.​

LiveRamp, Inc.

Taboola Europe Limited

PubMatic, Inc.

Outbrain UK Ltd

EMX Digital LLC

Nielsen Marketing Cloud

Google (DFP / AdX)

Personalisation

The collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as on other websites or apps, over time. Typically, the content of the site or app is used to make inferences about your interests, which inform future selection of advertising and/or content.

View CompaniesHide Companies

Company

Lotame Solutions, Inc.

OpenX Software Ltd. and its affiliates

LiveRamp, Inc.

Outbrain UK Ltd

EMX Digital LLC

Nielsen Marketing Cloud

Google (DFP / AdX)

Ad selection, delivery, reporting

The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as websites or apps, over time.

View CompaniesHide Companies

Company

Lotame Solutions, Inc.

OpenX Software Ltd. and its affiliates

LiveRamp, Inc.

Outbrain UK Ltd

Google (DFP / AdX)

Content selection, delivery, reporting

The collection of information, and combination with previously collected information, to select and deliver content for you, and to measure the delivery and effectiveness of such content. This includes using previously collected information about your interests to select content, processing data about what content was shown, how often or how long it was shown, when and where it was shown, and whether the you took any action related to the content, including for example clicking on content. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise content and/or advertising for you in other contexts, such as websites or apps, over time.

View CompaniesHide Companies

Company

Lotame Solutions, Inc.

LiveRamp, Inc.

Google (DFP / AdX)

Measurement

The collection of information about your use of the content, and combination with previously collected information, used to measure, understand, and report on your usage of the service. This does not include personalisation, the collection of information about your use of this service to subsequently personalise content and/or advertising for you in other contexts, i.e. on other service, such as websites or apps, over time.